System and method for electronic certification and authentication of data

ABSTRACT

A system and method for authenticating data. Data may be received that is individually encrypted in a first encryption layer by each of a plurality of users using user-specific private keys. The received data may be encrypted together in a second encryption layer to create multi-layered encrypted data. The multi-layered encrypted data may be transferred to a beneficiary device to determine if the encrypted data is authentic. At the beneficiary device, the second encryption layer may be decrypted to expose the first encryption layer. Then, the first encryption layer may be decrypted using public keys that only decrypt data encrypted by private keys assigned to a plurality of authorizers pre-designated to authenticate the data. If the first encryption layer is properly decrypted using the authorizers&#39; decryption keys, it may be determined that the users are the pre-designated authorizers.

FIELD OF THE INVENTION

Embodiments of the invention relate to document security. In particular, some embodiments relate to systems and methods for verifying the authenticity of document information and signatures to prevent fraud.

BACKGROUND OF THE INVENTION

Current document authentication relies on the manual inspection of physical markers, such as, stickers, thermal stamps and water marks. However, such manual inspection using the naked eye is highly variable from person to person and highly prone to error, rendering such documents susceptible to fraud.

Accordingly, automated authentication mechanisms have been developed that use encryption keys to digitally mark documents. However, there is currently no guarantee that the intended users hold the keys. If the encryption keys are stolen, they may be used to corrupt documents and commit fraud.

SUMMARY OF EMBODIMENTS OF THE INVENTION

Embodiments of the invention provide systems and methods for authenticating data. Data may be received that is individually encrypted in a first encryption layer by each of a plurality of users using user-specific private keys. The received data may be encrypted together in a second encryption layer to create multi-layered encrypted data. The multi-layered encrypted data may be transferred to a beneficiary device to determine if the encrypted data is authentic. At the beneficiary device, the second encryption layer may be decrypted to expose the first encryption layer. Then, the first encryption layer may be decrypted using public keys that only decrypt data encrypted by private keys assigned to a plurality of authorizers pre-designated to authenticate the data. If the first encryption layer is properly decrypted using the authorizers' decryption keys, it may be determined that the users are the pre-designated authorizers. Furthermore, if decrypting the first encryption layer generates error codes having substantially no errors, it may be determined that the original data is not corrupted and therefore, authentic.

BRIEF DESCRIPTION OF THE FIGURES

Embodiments of the invention are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like reference numerals indicate corresponding, analogous or similar elements. The subject matter regarded as the invention is particularly pointed out and distinctly claimed in the concluding portion of the specification. The invention, however, both as to organization and method of operation, together with objects, features, and advantages thereof, may best be understood by reference to the following detailed description when read with the accompanying drawings in which:

FIG. 1 is a schematic illustration of a system for authenticating data according to an embodiment of the present invention;

FIGS. 2A-2C are schematic illustrations of data structures signed or encrypted for authentication according to embodiments of the present invention; and

FIG. 3 is a flowchart diagram illustrating a method for authenticating data according to embodiments of the present invention.

It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity, or several physical components may be included in one functional block or element. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, and components have not been described in detail so as not to obscure the present invention. Some features or elements described with respect to one embodiment may be combined with features or elements described with respect to other embodiments. For the sake of clarity, discussion of same or similar features or elements may not be repeated.

Although embodiments of the invention are not limited in this regard, discussions utilizing terms such as, for example, “processing,” “computing,” “calculating,” “determining,” “encrypting”, “decrypting”, “signing”, “verifying”, “authorizing”, “authenticating”, or the like, may refer to operation(s) and/or process(es) of a computer, a computing platform, a computing system, or other electronic computing device, that manipulates and/or transforms data represented as physical (e.g., electronic) quantities within the computer's registers and/or memories into other data similarly represented as physical quantities within the computer's registers and/or memories or other information storage medium that may store instructions to perform operations and/or processes.

Although embodiments of the invention are not limited in this regard, the terms “plurality” and “a plurality” as used herein may include, for example, “multiple” or “two or more”. The terms “plurality” or “a plurality” may be used throughout the specification to describe two or more components, devices, elements, units, parameters, or the like. For example, “a plurality of devices” may include two or more devices. Unless explicitly stated, the method embodiments described herein are not constrained to a particular order or sequence. Additionally, some of the described method embodiments or elements thereof can occur or be performed simultaneously, at the same point in time, or concurrently.

Embodiments of the invention provide a system and method for authenticating data by a plurality of pre-designated authorizers. All of the authorizers may sign the data, e.g., using personalized private keys, to authenticate the data. A data manager may provide the data and/or designated the plurality of authorizers. In one embodiment, the data input to be signed or encrypted may include the original data to be authenticated and/or information associated with the signing authorizers, for example, transformed using hash functions. Hash functions may provide a compressed fingerprint or code of the input data, such that, any change to the input data may be identified, thereby indicating that the original data is corrupted or not authorized are the designated authorizers.

Embodiments of the invention may secure documents or data by applying multiple layers of encryption, for example, to the hash codes or other data. A first encryption layer may be designated for a plurality of (N) authorized users to encrypt the data. A second encryption layer may be designated for an organization (or a representative thereof, such as, a president or company administrator) to encrypt the data. A certificate or security authority may issue each authorizer and/or organization a private key uniquely associated therewith. The (N) authorizers may individually sign or encrypt the data using their respective private keys. All (N) encrypted versions of the data may be combined, for example, as a hash, sequence, series, weighted sum, or any other function, to accumulate all of the individual authorizers' encryptions. For the second encryption layer, the organization's private key may be applied to the combined data to generate multi-layered encrypted data.

Once the data is encrypted, e.g., as multi-layered encrypted data, the data may be transferred, directly or indirectly, to an authenticating or beneficiary device with the associated public keys. The associated public keys may be uniquely paired with (and only decrypt data encrypted by) the respective private keys assigned to the plurality of pre-designated authorizers (to decrypt the first layer) and the organization (to decrypt the second layer). The public key(s) uniquely designated to decrypt only data encrypted using the organization's private key(s), may be used to attempt to decrypt the second encryption layer. If the decryption is successful, i.e., if the organization's public key was successfully used to decrypt the encrypted document, it can be concluded that the document was encrypted using the organization's private key, thereby indicating that the data was indeed encrypted by the organization, and no error is detected in the hash codes indicating that the original data is not tampered or corrupted.

Once the second encryption layer is successfully decrypted, the first encryption layer may be exposed for decryption. The public keys uniquely designated to decrypt only the private keys of the plurality of pre-designated authorizers may be used to attempt to decrypt the first encryption layer. As described with respect to the organization, above, decryption may be successful if the public and private keys fit for one or more of the authenticators, indicating that the data is indeed encrypted by the plurality of pre-designated authorizers, and if substantially no error is detected in the hash codes indicating that the original data is not corrupted. If both the first and second layers are successfully decrypted, the original data may be authorized. However, if any of the data is corrupted (reflected in the decrypted hash codes) or if even one of the (N) users or the organization that encrypt the data is not an authorized or registered user (indicated by the failure of their public keys to decrypt the data), the data may not be authorized.

The first encryption layer may enable each user to separately encrypt their own version or copy of the data independently, for example, without waiting for or receiving input from any other user. Accordingly, the data manager may edit or change the (N) authorizers pre-designated to authenticate the data. For example, the data manager may add, delete, swap, replace or otherwise change the pre-designated authorizers. Such changes may be made up until authentication is requested, which triggers completion and transfer of the multi-layered encrypted data. Accordingly, staff changes (e.g., someone gets promoted), new company structures (e.g., changes in security clearance or divisions of departments), limited authorizer availability (e.g., authorizers unavailable due to vacation), etc., may all be managed by this flexible designation of authorizers. In the meantime, while the list of authorizers is being finalized, each user may proceed to authorize independently. In one example, a data manager may only want verification from a predetermined number of authorizers. The data manager may send the data to a greater pool of potential authorizers and when satisfied, e.g., once the data is verified by the predetermined number of authorizers, may designate those as the final set of authorizers.

The second encryption layer may be applied, in addition to the authorizer-encrypted first layer, for example, to provide additional security by receiving additional verification and encryption from an organization. Although, an authorizer generally refers to an individual and an organization generally refers to a company, group, or agency, authorizers and organizations may refer to any individuals, groups, ranks, security levels, departments, or any types of one or more users. Typically, authorizers and organizations refer to different types of users.

Decryption keys may be public (or less restricted) so that anyone (or a designated class of users) may decrypt a document in order to determine data authenticity, while encryption keys may be private or unique so that only the designated authorizers and organization may verify the data. In one embodiment, the encryption keys may be asymmetric encryption keys.

Reference is made to FIG. 1, which schematically illustrates a system 100 for authenticating data according to an embodiment of the present invention.

System 100 may include a system server 102 running a web application over a secure and trusted network 104. System server 102 may include or may be connected to a memory device 106, such as, a universal serial bus (USB), a smartcard or hardware secure module (HSM), that stores a digital certificate to verify the authenticity of a user or organization. The digital certificate may include a private key 108 issued uniquely to an organization, such as, a company, department, agency, administrator or other individual or group of users. The organization's private key 108 may be obtained from a certificate authority that issues and keeps records of each user's or organization's digital certificate keys.

System 100 may include one or more system registrar(s) 110, one or more authorizer(s) 112 and one or more data managers(s) 114, e.g., computer devices operated by users, connected via trusted server network 104. Registrar 110 may register authorizers 112 in system 100. Each authorizer 112 may include or may be connected to a memory device 116 that stores its unique private key 118 to verify the authenticity of that authorized user. Data manager 114 may provide data to be authenticated (e.g., documents, messages, etc.), designate one or more authorizers 112 to authorize the data and/or designate one or more beneficiaries 120 to receive the data.

The data to be authenticated may be transformed by hash functions and signed or encrypted multiple times to generate multi-layered encrypted data. For example, authorizers 112 may each sign or encrypt the data using their respective authorizer private keys 118 to generate a first layer of encrypted data. After the authorizer signatures, system server 102 may further sign or encrypt the data using its organization private key 108 to generate a second layer of encrypted data. Each signature or encryption may be applied to a hash function of the original dataset (and authorizer or organization information), thereby reflecting any changes to the original data itself. Data structures used to encrypt the data are described in greater detail in reference to FIGS. 2A-2C. Data manager 114 may change or edit the final list of designated authorizers and/or the destination or beneficiaries 120 of the data at any time before the data is certified, for example, when the organization's private key 108 is used to generate the second and final layer of encrypted data.

According to some embodiments of the invention, the authorization process may be performed in a streamlined fashion, for example, using rules. For example, upon creation of a document for authentication, the system may analyze the content of the document and determine based on business rules which individuals in the organization, or which members of certain categories or officers of the organization must authorize the document. For example, if the document is determined to be a contract, the rules may establish that the vice president of operations, the general counsel, and at least one officer of the company must sign the document. The system may then forward the document to the vice president of operations and the general counsel for authentication. In addition, the system may forward to all officers of the company for authentication, and wait for one to authenticate the document, or it may send to each one in turn until one authenticates the document. In some embodiments, the type of document may be identified manually by its creator using a metadata field in a document management system, or the document creator may manually identify the individuals or categories of individuals that must to authenticate the document.

Once the authorizers are established (by identity, or by category), the system may further streamline the authorization process. For example, in some embodiments, the system may send emails to registered addresses of the authorizers, notifying them that a document is awaiting their authorization, and inviting them to access the document, for example, sending them a hyperlink to the universal resource locator (URL) where the document is located. The document may be associated with a deadline by which time the document must be authenticated by all authorizers and/or by the organization, and the system may send reminders to authorizers who have not yet responded until they respond.

There may also be an order of authorization among authorizers. For instance, in the above example, based on their rakings in the corporate hierarchy, the vice president of operations may be required to authorize first, then only after the vice president of operations has authorized the document, the general counsel may be asked to authorize the document, and lastly, only after the vice president of operations and the general counsel have authorized the document, the officer of the company may be asked to authorize the document.

After the data is encrypted, the encrypted data may be sent to beneficiary 120, e.g., via a mail server 122 as an electronic mail (e-mail) message, archive server 124 as archival data, or business application server 126 as business data. Beneficiary 120 may decrypt the multi-layered encrypted data layer-by-layer, for example, using public keys associated with the pre-designated authorizers and organization. The public may be obtained from the certificate authority or transferred together with the encrypted data, as described in reference to FIGS. 2A-2C.

Beneficiary 120 may initially attempt to decrypt the second (last signed) encryption layer using the public key paired to organization key 108. If the decryption is unsuccessful, the device that encrypted the data may be a non-designated or fraudulent device or the input data may have been changed or corrupted. In either case, beneficiary 120 may invalidate, discard or otherwise discredit the data. However, if the proper organization system server 102 did indeed encrypt the data and the data was not corrupted, the decryption may be successful thereby exposing the first encryption layer. Beneficiary 120 may then attempt to decrypt the first encryption layer using the public keys respectively paired to authorizers' keys 118 for each authorizer 112 designated by data manager 114. If the data cannot be decrypted or the decrypted data is corrupted, beneficiary 120 may invalidate, discard or otherwise discredit the data. However, if the data is decrypted, the authorizers of the data are the designated authorizers 112, and if additionally substantially no errors are detected in the decrypted data, the original data may be authenticated. It may be noted that some minor error may be expected due to error in data transmissions, but such errors are substantially small (e.g., on the order of one in ever 10̂3 or fewer bits) and may be distinguished from errors due to corrupted data, which are more frequent or dense (e.g., on the order of one in 10 or more bits).

Reference is made to FIGS. 2A-2C, which schematically illustrate data structures signed or encrypted for authentication according to embodiments of the present invention. The data structures of FIGS. 2A-2C may be encrypted and/or decrypted by devices of FIG. 1.

FIG. 2A illustrates data structures encrypted by each (ith) authorizer (e.g., authorizers 112 of FIG. 1) in a first layer of a multi-layered encryption. The first layer encryption may input original data 200 to be authenticated and information 202 associated with (N) pre-designated authorizers (e.g., provided by data manager 114 of FIG. 1). Each (ith) authorizer (i=1, . . . , N) may combine original data 200 and information 202 associated with that ith authorizer to generate hash codes 204 defining the combined data. Hash codes 204 may be a function of every (or most) data bits of original data 200 and information 202 to reflect if any of these data structures has been corrupted. The (ith) authorizer may then sign or encrypt hash codes 204 using the authorizer's unique key 206 (e.g., key 118 of FIG. 1) to generate authorizer encrypted hash codes 208. This process may be repeated (N) times for each of the (N) authorizers to output (N) authorizers encrypted hash codes 208, which may be used as input in the second encryption layer of FIG. 2B.

FIG. 2B illustrates data structures encrypted by a system server (e.g., system server 122 of FIG. 1) in a second layer encryption. The (N) authorizers encrypted hash codes 208 may be input into the second layer encryption, along with the original data 200 and information 210 associated with an organization. The organization may be explicitly designated by or implicitly associated with a data manager (e.g., data manager 114 of FIG. 1). The input data may be combined and hash codes 212 may be generated based on the combined data. The system server may use a digital certificate key 214 unique to the organization (e.g., key 108 of FIG. 1) to sign or encrypt hash codes 212 to generate organization encrypted hash codes 216.

FIG. 2C illustrates data structures sent to a beneficiary (e.g., beneficiary 120 of FIG. 1) to authenticate (or conversely, to invalidate) original data 200. Data structures sent to the beneficiary may include, for example, original data 200, authorizers encrypted hash codes 208, authorizers verification public key certificates 218 (e.g., the public key paired to the designated authorizers' private keys), organization encrypted hash codes 216, and organization verification public key certificates 220 (e.g., the public key paired to the designated organization's private keys). The beneficiary may use public key certificates 218 to decrypt authorizers encrypted hash codes 208 and organization verification public key certificates 220 to decrypt organization encrypted hash codes 216. If either set of encrypted hash codes 208 or 216 cannot be decrypted, the beneficiary may determine that the key does not belong to the proper authorizer or organization (e.g., the document was signed by a fraudulent party). If encrypted hash codes 208 or 216 are decrypted but the decrypted data is erroneous, the beneficiary may determine that the input data was corrupted. In either case of unsuccessful decryption, original data 200 is not authenticated. However, if both sets of encrypted hash codes 208 or 216 are decrypted without error, the beneficiary may authenticate original data 200.

Reference is made to FIG. 3, which is a flowchart diagram illustrating a method for authenticating data according to embodiments of the present invention. The method of FIG. 3 may be executed using the devices of FIG. 1.

In operation 310, a registrar (e.g., registrar 110 of FIG. 1) may register authorizers (e.g., authorizers 112 of FIG. 1) in a system (e.g., system 100 of FIG. 1), for example, using a registration interface. The authorizers may access the registration interface, for example, by logging-in using web browsers from their respective computer devices, and entering their identification information.

In operation 320, a data manager (e.g., data manager 114 of FIG. 1) may log-in to the system and upload original data, such as, digital documents, for example, using a web browser from their computer device. The system's security protocol automatically prevents any changes to the uploaded original data.

In operation 330, the data manager may designate authorizers to approve the uploaded data, for example, by selecting their names, departments, identification codes, etc., from a list of potential authorizers registered in the system. The data manager may designate the beneficiary or recipient(s) of the data or, may designate a class, department or security level that may be such a beneficiary. Alternatively, any device may have the potential to be a beneficiary, for example, mediated by a security authority determining which devices may gain access to the proper public keys to decrypt the data. The data manager may explicitly designate or select one or more organization to authorize the uploaded data or such organization may be implicitly or automatically designated, for example, when the system only recognizes one organization, when the authorizers are automatically assigned or linked to the organization(s) or when the data manager is automatically linked to the organization(s). The selected authorizers, beneficiaries and/or organizations designated for this data may be changed at any time before the organization certifies the document, for example, in operation 350.

In operation 340, designated authorizers (e.g., verified via their registered log-in) may each certify or sign data to generate a first encryption layer. Each authorizer may certify or sign data, for example, by encrypting hash code of the original data and authorizer information, using the authorizer's digital private key (e.g., private key 118 of FIG. 1). The authorizers may obtain their respective private keys from a certificate authority and may store the private keys, for example, in a USB, smartcard, HSM or other external memory (e.g., memory device 116 of FIG. 1) connected to their respective computer devices.

In operation 350, after all the designated authorizers sign the data, the organization's system server (e.g., system server 102 of FIG. 1) may certify or sign data to generate a second encryption layer. The organization may certify or sign data, for example, by encrypting hash code of the original data, the authorizers encrypted hash codes generated in operation 340 and organization information, using the organization's digital private key (e.g., private key 108 of FIG. 1). The organization may obtain their private key from a certificate authority and may store the private key, for example, in a USB, smartcard or HSM or other external memory (e.g., memory device 106 of FIG. 1) connected to their system server.

In operation 360, the organization's system server may transfer the multiple encryption layers of the data to the beneficiaries, e.g., designated in operation 330. The multi-layered encrypted data may include, for example, the original data uploaded in operation 320, the authorizers encrypted hash codes generated in operation 340, and/or the organization encrypted hash codes generated in operation 350. The beneficiaries may receive the data, for example, via a mail server (e.g., mail server 122 of FIG. 1), an archive server (e.g., archive server 124 of FIG. 1) or a business application server (e.g., business application server 126 of FIG. 1).

In operation 370, the beneficiaries may determine if the original data is authentic (or not) by decrypting the multi-layered encrypted data, for example, as follows:

-   -   a. Decrypt the second layer of encrypted data using the         organization's public key, for example, obtained from a         certificate authority. The second layer decryption may return         hash code that the organization encrypted, which may be compared         with hash code of the original data and the authorizers         encrypted hash codes.     -   b. Decrypt the first layer of encrypted data using each         designated authorizer's public key, for example, obtained from a         certificate authority. The second layer decryption may return         hash code that each authorizer encrypted, which may be compared         to hash code of the original data.         The beneficiaries may determine that the data is authentic if         each layer may be decrypted (indicating the layer was encrypted         or signed by the authorizers designated in operation 330) and         the decrypted hash codes match the compared hash codes         (indicating the transferred original data and hash codes are not         corrupted). Otherwise the beneficiaries may determine that the         data is inauthentic or corrupt.

Other operations or orders of operations may be used.

Embodiments of the invention may enable users to modify a list of authorizers that are designated to authorize original digital documents/data before the system certifies these digital documents/data.

Embodiments of the invention may protect digital documents/data uploaded into the system from changes by authorizers signing the data. Authorizers may sign the data, for example, by encrypting the hash codes of the digital data and the authorizer information using the authorizers' digital private key obtained from a certificate authority stored in at the authorizers' computers.

Embodiments of the invention may certify digital documents/data after all authorizers have signed the document/data, for example, by encrypting the hash code of the digital documents/data, organization information and all of the encrypted hash codes of the digital document/data and the authorizers information, using an organization's digital private key obtained from a certificate authority stored in the system server.

Embodiments of the invention may send the digital document/data, authorizers encrypted hash codes (of digital document and authorizers' information), authorizers verification public keys certificates, organization encrypted hash codes (of digital document/data, organization information and encrypted hash codes of digital document/data and authorizers information) and organization verification public key certificate to a beneficiary, for example, via an e-mail, archive or business application trusted server.

According to embodiments of the invention, the beneficiaries may verify that authorizers, which are authorized by the organization to sign a particular document or data, have signed the document/data and that substantially no changes are allowed to the document, for example, by:

-   -   a. Using the organization public key stored in the organization         verification public key certificate, digitally signed by the         certificates authority to authenticate it as the public key of         the identified organization to decrypt the hash code that the         organization encrypted and comparing it with the hash code of         the digital document/data, organization information and         authorizers encrypted hash codes.     -   b. Using each authorizer public key stored in the authorizer         verification public key certificate, digitally signed by the         certificates authority to authenticate it as the public key of         the identified authorizer to decrypt the hash code of each         authorizer encrypted hash code and comparing it with the hash         code of the document/data and authorizer information.         Such embodiments may verify the signing authorizers are indeed         the proper authorizers and that the data/document (defined by         the hash codes) has substantially no errors.

In some embodiments of the invention, to authenticate a document/data, the document/data may have substantially no error. It may be noted that some minor error in the original data or in the hash codes thereof may be expected due to device errors during data transmissions, storage and processing errors. However, these errors are substantially small (e.g., affecting bits on the order of one in every 10̂3 or fewer) and may be distinguished from errors due to corruption or fraud, which are more frequent or dense in at least some portions of the document/data (e.g., affecting bits on the order of one in every 10 or more). Alternatively, in other embodiments of the invention, the document/data may have absolutely no error for authentication.

While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will now occur to those of ordinary skill in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention. 

What is claimed is:
 1. A method for authenticating data, the method comprising: receiving data individually encrypted in a first encryption layer by each of a plurality of users using user-specific private keys; encrypting the received data together in a second encryption layer to create multi-layered encrypted data; and transferring the multi-layered encrypted data to a device that has public keys that only decrypt data encrypted by private keys assigned to a plurality of pre-designated authorizers to determine if the users are the pre-designated authorizers.
 2. The method of claim 1, wherein the second encryption layer is encrypted using an organization-specific private key uniquely assigned to an organization and decrypted using a corresponding organization-specific public key.
 3. The method of claim 1, wherein the plurality of authorizers are pre-designated by a data manager.
 4. The method of claim 3, wherein changes to the pre-designated authorizers are able to be received from the data manager at any time prior to encrypting the second encryption layer.
 5. The method of claim 4 comprising, if the data manager attempts to change the pre-designated authorizers after the request to authenticate the data is received, sending the data manager a message indicating a lock out from editing the pre-designated authorizers.
 6. The method of claim 1, wherein the first layer encrypts hash functions of the original data to be authenticated and information associated with the authorizers and the second layer encrypts hash codes of the original data to be authenticated, hash codes output from the first layer encryption and information associated with an entity designated to encrypt the second layer.
 7. The method of claim 1, wherein the authorizers define individuals, groups, ranks, security levels, departments, or types of authorizers.
 8. The method of claim 1, wherein the encryption keys are asymmetric encryption keys.
 9. The method of claim 1 comprising storing the multi-layered encrypted data at a secure server.
 10. A method for authenticating original data, the method comprising: receiving multi-layered encrypted data, wherein a first encryption layer is individually encrypted by a plurality of users using user-specific private keys, which is in turn combined and encrypted in a second encryption layer; decrypting the second encryption layer to expose the first encryption layer; attempting to decrypt the first encryption layer using public keys that only decrypt data encrypted by private keys assigned to a plurality of authorizers pre-designated to authenticate the data; and determining that the users are the pre-designated authorizers only if the first encryption layer is properly decrypted using the authorizers' decryption keys.
 11. The method of claim 10, wherein the second encryption layer is encrypted using an organization-specific private key uniquely assigned to an organization and decrypted using a corresponding organization-specific public key.
 12. The method of claim 10, wherein the plurality of authorizers are pre-designated by a data manager.
 13. The method of claim 12, wherein changes to the pre-designated authorizers are able to be received from the data manager at any time prior to encrypting the second encryption layer.
 14. The method of claim 10, wherein the multi-layered encrypted data encrypts hash codes of the original data and comprising determining that the original data is not corrupted if decrypting the first encryption layer generates hash codes having substantially no errors.
 15. A system for authenticating data, the systems comprising: a memory to store multi-layered encrypted data, wherein a first encryption layer is individually encrypted by a plurality of users using user-specific private keys, which is in turn combined and encrypted in a second encryption layer; and a processor to transfer the multi-layered encrypted data to a beneficiary device, wherein the beneficiary device is adapted to: decrypt the second encryption layer to expose the first encryption layer, attempt to decrypt the first encryption layer using public keys that only decrypt data encrypted by private keys assigned to a plurality of authorizers pre-designated to authenticate the data, and determine that the users are the pre-designated authorizers only if the first encryption layer is properly decrypted using the authorizers' decryption keys.
 16. The system of claim 15 comprising a certificate authority to issue each user their user-specific private keys and to issue the corresponding public keys for use by the beneficiary device.
 17. The system of claim 15, wherein the second encryption layer is encrypted using an organization-specific private key uniquely assigned to an organization and the beneficiary device decrypts the second encryption layer using a corresponding organization-specific public key.
 18. The system of claim 15 comprising a device operated by a data manager to pre-designate the plurality of authorizers.
 19. The system of claim 18, wherein the device operated by a data manager is able to change the pre-designated authorizers at any time prior to the encryption of the second encryption layer.
 20. The system of claim 15, wherein the multi-layered encrypted data comprises encrypted hash codes of the original data and the beneficiary device determines that the original data is not corrupted if decrypting the first encryption layer generates hash codes having substantially no errors. 